How to Build a Threat Detection Strategy in AWS
Instructor Introduction
• Joseph Holbrook
• Consulting Blockchain Solutions Architect/Trainer/Speaker out of Jacksonville, FL
• Certified Blockchain Solutions Architect (CBSA)
• Certified Blockchain Developer Hyperledger (CBDH)
• Certified Corda Developer
• Certified Google Cloud Platform Cloud Architect and Engineer
• AWS Professional Services Partner - Premier
• Certified AWS Solutions Architect, SysOps and Security
• CompTIA SME – Cloud and Security
• Brocade Distinguished Architect (BDA) 2013
• EMC Proven Professional – Expert – Cloud (EMCCE)
• Published course author on Pearson Safari, Udemy and LinkedIn Learning
• Author of "Architecting Enterprise Blockchain Solutions" (Wiley, November 2019)
• US Navy veteran
Course Introduction
By the end of this course you should understand:
 Shared Security Model
 Introduction to Threat Detection
 Intrusion Detection Systems, Advanced Threat Detection Systems and other security tools that enable a proactive response to threats
 Building a Threat Reduction Strategy
 Cloud Adoption Framework (CAF) Security Perspective Controls
 AWS GuardDuty Monitoring (Demo)
 AWS Security Specialty Certification
 Course Summary
Did You Know?
• In a recent study, Threat Stack found that 73% of companies had at least one critical security misconfiguration, such as remote SSH open to the entire internet.
• Most security incidents occur because of stolen or misused credentials (2018 Verizon Data Breach Investigations Report), not sophisticated zero-day attacks against the cloud providers themselves. A detection strategy should therefore weight identity and API activity (who used which credential, from where) at least as heavily as network signatures.
• An S3 bucket name is not a secret: names are globally unique and appear in URLs, so an attacker can guess or enumerate them. What protects the data is the bucket policy, the ACLs and the Block Public Access settings, not the name; if those allow anonymous access, anyone who learns the name can read the data and expose it to unintended viewers.
• VPC Flow Log entries can be scanned to detect both specific attack patterns (for example an accepted SSH connection from the internet) and anomalous ones (for example one source probing many ports that are all rejected).
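To make the flow-log point concrete, here is an added example (not code from the original slides) that runs two detections over constructed VPC Flow Log lines in the default version 2 field order: accepted SSH or RDP from outside the private address space (the "remote SSH open to the internet" misconfiguration confirmed by traffic) and one source whose rejected flows touched many distinct ports on one host (the anomalous pattern). The account ID, ENI ID and addresses are constructed; the private-range list is an assumption about what counts as "inside" for this VPC.

```python
"""Scan VPC Flow Log records for two attack patterns.

Added example, not from the original slides. SAMPLE_LOG is constructed and
uses the default v2 field order:
version account-id interface-id srcaddr dstaddr srcport dstport protocol
packets bytes start end action log-status
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List

SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.7 10.0.1.15 51234 22 6 12 2040 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.2.40 10.0.1.15 40211 22 6 30 5100 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.9 10.0.1.15 44001 21 6 1 60 1700000100 1700000110 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.9 10.0.1.15 44002 23 6 1 60 1700000100 1700000110 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.9 10.0.1.15 44003 25 6 1 60 1700000100 1700000110 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.9 10.0.1.15 44004 80 6 1 60 1700000100 1700000110 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.9 10.0.1.15 44005 443 6 1 60 1700000100 1700000110 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.9 10.0.1.15 44006 3389 6 1 60 1700000100 1700000110 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000100 1700000110 - NODATA
"""

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Assumption for this example: anything outside RFC 1918, loopback and
# link-local is "external". The documentation ranges used in the sample
# (203.0.113.0/24, 198.51.100.0/24) therefore count as internet sources.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                 "127.0.0.0/8", "169.254.0.0/16")]


def parse(log_text: str) -> List[Dict[str, str]]:
    """Parse v2 flow-log lines; drop NODATA/SKIPDATA records, which carry no addresses."""
    records = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] == "OK":
            records.append(rec)
    return records


def is_external(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in PRIVATE_NETS)


def accepted_admin_from_internet(records: List[Dict[str, str]],
                                 ports=(22, 3389)) -> List[Dict[str, str]]:
    """Accepted TCP flows to SSH/RDP from an external source.

    ACCEPT means the security group and NACL let the packet through, so a hit
    here is the open-to-the-internet misconfiguration confirmed by traffic.
    """
    return [r for r in records
            if r["action"] == "ACCEPT" and r["protocol"] == "6"
            and int(r["dstport"]) in ports and is_external(r["srcaddr"])]


def port_scans(records: List[Dict[str, str]], min_ports: int = 5) -> Dict[str, List[int]]:
    """Sources whose REJECTed flows touched at least min_ports distinct ports on one host."""
    seen = defaultdict(set)  # (srcaddr, dstaddr) -> set of rejected dst ports
    for r in records:
        if r["action"] == "REJECT":
            seen[(r["srcaddr"], r["dstaddr"])].add(int(r["dstport"]))
    return {f"{src}->{dst}": sorted(ports)
            for (src, dst), ports in seen.items() if len(ports) >= min_ports}


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for hit in accepted_admin_from_internet(recs):
        print(f"open admin port: {hit['srcaddr']} -> {hit['dstaddr']}:{hit['dstport']} ACCEPT")
    for pair, ports in port_scans(recs).items():
        print(f"possible port scan: {pair} probed {ports}")
```

The first detection is a signature (a single line is enough to fire); the second needs state across lines, which is why flow-log analysis belongs in a SIEM or in GuardDuty rather than in a per-line filter.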
Shared Security Model
Introduction and benefits of AWS security
• Review the shared responsibility model and know what the provider does for security and what the user is responsible for: AWS secures the cloud itself (facilities, hardware, network, hypervisor and the software of managed services), while the customer secures what runs in the cloud (IAM, data and its encryption, operating systems and patching on EC2, security groups and network configuration, application code). Threat detection lives almost entirely on the customer side of that line.
Introduction to Threat Detection
Threat Detection
• Threat detection is the process by which you find threats on your network, your systems or your applications.
• Malware, viruses, phishing, trojans, ransomware, permission (over-privilege) issues and backdoors are common.
• APT: an advanced persistent threat can stay hidden for months or longer, so detection has to look for low-and-slow activity, not only single loud events.
• Focus on tactics, techniques and procedures (TTPs): an attacker's behaviour is harder to change than indicators such as IP addresses or file hashes.
Understand what the attackers are after.
• Credentials
• Financial Information
• Health Info/PII
• Corporate Secrets
• Ransom
• Revenge or even corporate image harm
Threat Detection Tools
• SIEMs (security information and event management)
• IDS / IPS
• Next-generation firewalls (NGFW)
• Endpoint detection and response (EDR)
• Cloud access security brokers (CASB)
• Honeypots
• Analytics (behavioural baselining and anomaly detection)
Intrusion Detection Systems, Advanced Threat Detection Systems and other security tools that enable a proactive response to threats
• Findings aggregation and posture management – AWS Security Hub (collects findings from GuardDuty, Inspector, Macie and partner tools and runs checks such as the CIS AWS Foundations Benchmark; it is not a full SIEM, so long-term log retention and cross-source correlation still need one)
• Sensitive-data discovery in S3 (uses machine learning) – Amazon Macie
• Vulnerability assessment for EC2 – Amazon Inspector
• Compliance reports and agreements – AWS Artifact
• DDoS protection – AWS Shield
• Metrics, logs and alarms – Amazon CloudWatch
• Others such as AWS CloudHSM, AWS Firewall Manager, Amazon Cognito, etc.
Diagram - Fortinet
Diagram - AWS
Building a Threat Reduction Strategy
Identify threats
• Insider
• Outsider
• Kill Chain – 6 steps (as drawn in the ISC Congress diagram; the Lockheed Martin Cyber Kill Chain lists seven: reconnaissance, weaponization, delivery, exploitation, installation, command and control, actions on objectives)
• Kill Chain – 5 components
Diagram - ISC Congress
Cloud Adoption Framework (CAF) Security Perspective Controls
• The AWS CAF provides a framework to help you structure and plan your cloud adoption journey and then build a comprehensive approach to cloud computing throughout the IT lifecycle.
• The version of the CAF used here has seven areas of focus, or Perspectives: business, platform, maturity, people, process, operations and security. (Later revisions of the CAF consolidate these into six: business, people, governance, platform, security and operations.)
• The Security Perspective captures AWS's experience working with enterprise customers on their cloud adoption journey; its controls are what a detection strategy maps to.
CAF Security Controls (CAF 101)
AWS GuardDuty Monitoring
GuardDuty
Analyzes billions of events across your AWS accounts to identify trends, patterns and anomalies that are recognizable signs that something may be wrong.
Receives input from multiple data streams:
• Several threat intelligence feeds (AWS Security plus third-party providers such as CrowdStrike and Proofpoint)
• Stays aware of known-malicious IP addresses and domains
GuardDuty analyzes these sources for the accounts you specify:
• Virtual Private Cloud (VPC) Flow Logs
• AWS CloudTrail (management events, plus S3 data events)
• DNS logs (queries that go through the VPC's Amazon-provided resolver; traffic to a custom resolver is not seen)
GuardDuty reads these streams directly, so you do not have to enable VPC Flow Logs or CloudTrail yourself for GuardDuty to consume them. You still should, because GuardDuty keeps no copy of the raw logs for your own investigations.
You can also set a trusted IP list (allowlist) so that GuardDuty does not generate findings for addresses you own or authorize, and a threat IP list (blocklist) of addresses that should always produce findings.
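GuardDuty only produces findings; deciding what to do with each one is the customer's job, typically in a Lambda function wired to EventBridge. The following is an added example, not code from the original slides or from AWS, of that triage step run over constructed findings that mirror the real event layout (`detail.type`, `detail.severity`, `detail.resource`, `detail.service.action`). The account ID, instance ID, access key ID, IP addresses, `SCANNER_ALLOWLIST` and `REPEAT_THRESHOLD` are hypothetical; the finding type names and severity bands are GuardDuty's own.

```python
"""Triage Amazon GuardDuty findings delivered as EventBridge events.

Added example, not code from the original slides or from AWS. SAMPLE_EVENTS
are constructed; the IDs, addresses and thresholds are hypothetical.
"""
from typing import Dict, List, Optional, Tuple

# Constructed: an authorised vulnerability scanner we do not want paged on.
# The proper fix is a GuardDuty trusted IP list, which stops the finding being
# generated at all; this allowlist only demotes Recon findings after the fact.
SCANNER_ALLOWLIST = {"198.51.100.77"}

# Policy choice for this example: a Low finding aggregated this many times
# is raised to a ticket instead of just being logged.
REPEAT_THRESHOLD = 10

SAMPLE_EVENTS: List[Dict] = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "detail": {
        "id": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6",
        "type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 2.0,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0abc123def456789a"}},
        "service": {"count": 17, "archived": False, "action": {
            "actionType": "NETWORK_CONNECTION",
            "networkConnectionAction": {
                "connectionDirection": "INBOUND",
                "localPortDetails": {"port": 22},
                "remoteIpDetails": {"ipAddressV4": "203.0.113.45"}}}}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "detail": {
        "id": "f6e5d4c3b2a1f6e5d4c3b2a1f6e5d4c3",
        "type": "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
        "severity": 8.0,
        "resource": {"resourceType": "AccessKey",
                     "accessKeyDetails": {"accessKeyId": "ASIAEXAMPLE1234567890",
                                          "userName": "i-0abc123def456789a",
                                          "userType": "AssumedRole"}},
        "service": {"count": 1, "archived": False, "action": {
            "actionType": "AWS_API_CALL",
            "awsApiCallAction": {"api": "ListBuckets",
                                 "remoteIpDetails": {"ipAddressV4": "192.0.2.10"}}}}}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding", "detail": {
        "id": "0011223344556677889900aabbccddee",
        "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0abc123def456789a"}},
        "service": {"count": 3, "archived": False, "action": {
            "actionType": "PORT_PROBE",
            "portProbeAction": {"portProbeDetails": [
                {"localPortDetails": {"port": 8080},
                 "remoteIpDetails": {"ipAddressV4": "198.51.100.77"}}]}}}}},
]


def severity_label(score: float) -> str:
    """Map GuardDuty's numeric severity (0.1 to 10) onto its bands."""
    if score >= 9.0:
        return "Critical"  # band GuardDuty added later; keep it distinct from High
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def parse_type(finding_type: str) -> Tuple[str, str, str]:
    """Split 'ThreatPurpose:ResourceTypeAffected/ThreatFindingName'."""
    purpose, rest = finding_type.split(":", 1)
    resource, name = rest.split("/", 1)
    return purpose, resource, name


def remote_ip(detail: Dict) -> Optional[str]:
    """Pull the remote IPv4 address out of whichever action block is present."""
    action = detail.get("service", {}).get("action", {})
    for key in ("networkConnectionAction", "awsApiCallAction"):
        if key in action:
            return action[key].get("remoteIpDetails", {}).get("ipAddressV4")
    probes = action.get("portProbeAction", {}).get("portProbeDetails", [])
    return probes[0].get("remoteIpDetails", {}).get("ipAddressV4") if probes else None


def triage(event: Dict) -> Dict:
    """Decide a response for one finding; the result is what a Lambda would act on."""
    if event.get("source") != "aws.guardduty":
        return {"action": "ignore", "reason": "not a GuardDuty event"}
    d = event["detail"]
    if d.get("service", {}).get("archived"):
        return {"action": "ignore", "reason": "finding already archived"}
    purpose, resource, _name = parse_type(d["type"])
    label = severity_label(float(d["severity"]))
    ip = remote_ip(d)
    out = {"id": d["id"], "type": d["type"], "severity": label, "remote_ip": ip}
    # Only reconnaissance is demoted by the allowlist: credential theft or
    # exfiltration findings must never be hidden by a source-IP exception.
    if purpose == "Recon" and ip in SCANNER_ALLOWLIST:
        return {**out, "action": "suppress", "reason": "authorised scanner"}
    if label in ("High", "Critical"):
        if resource == "EC2":
            return {**out, "action": "isolate-instance",
                    "target": d["resource"]["instanceDetails"]["instanceId"]}
        if resource in ("IAMUser", "AccessKey"):
            return {**out, "action": "disable-key-and-revoke-sessions",
                    "target": d["resource"]["accessKeyDetails"]["accessKeyId"]}
        return {**out, "action": "page-oncall"}
    if label == "Medium" or d["service"].get("count", 1) >= REPEAT_THRESHOLD:
        return {**out, "action": "ticket"}
    return {**out, "action": "log"}


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        r = triage(ev)
        print(f"{r['severity']:<8} {r['type']:<72} -> {r['action']}")
```

The `service.count` field matters in practice: GuardDuty aggregates repeats of the same finding rather than emitting a new one each time, so a Low SSH brute-force finding seen seventeen times is a different situation from one seen once.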
Amazon GuardDuty overview (demo)
Top 7 AWS Security Services
• AWS Security Hub (the slide lists this as "AWS Security Center", which is not an AWS service name)
• Amazon GuardDuty
• AWS CloudHSM
• Amazon Inspector
• AWS Key Management Service (KMS)
• AWS Trusted Advisor
• AWS CloudTrail
AWS Services - Security
AWS Security Specialty Exam
The AWS Certified Security – Specialty exam focuses on best practices, AWS security services and security controls for workloads on AWS.
Exam info is here: https://aws.amazon.com/certification/certified-security-specialty/
Course Summary
Threat Detection in AWS
Putting it all together
 AWS services can be used in a complementary manner: GuardDuty and Inspector produce findings, Security Hub aggregates them, CloudTrail and VPC Flow Logs supply the evidence, and CloudWatch and EventBridge drive the response.
 AWS services and your own security planning are complementary. The better your planning (what is in scope, what is normal, who responds), the more value you get out of the AWS services.
 AWS has a robust set of security-related services, but turning them on is not a strategy; deciding what to detect and what to do about it is.
Resources
 AWS Security Products - https://aws.amazon.com/products/security/
 Security Hub - https://aws.amazon.com/security-hub/
 Landing Zone - https://aws.amazon.com/solutions/aws-landing-zone/
 Fortinet - https://www.fortinet.com/products/public-cloud-security/aws.html
QuickStart Resources - AWS
Thank you and Questions
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

How to Build a Threat Detection Strategy in the AWS Cloud

  • 1. How to Build a Threat Detection Strategy in AWS
  • 2. How to Build a Threat Detection Strategy in AWS – Instructor Introduction
  • 3. Instructor Introduction
      • Joseph Holbrook
      • Consulting Blockchain Solutions Architect/Trainer/Speaker out of Jacksonville, FL
      • Certified Blockchain Solutions Architect (CBSA)
      • Certified Blockchain Developer Hyperledger (CBDH)
      • Certified Corda Developer
      • Certified Google Cloud Platform Cloud Architect and Engineer
      • AWS Professional Services Partner - Premier
      • Certified AWS Solutions Architect, SysOps and Security
      • CompTIA SME – Cloud and Security
      • Brocade Distinguished Architect (BDA) 2013
      • EMC Proven Professional – Expert – Cloud (EMCCE)
      • Published Course Author on Pearson Safari, Udemy, Linkedin Learning
      • Author “Architecting Enterprise Blockchain Solutions” – Wiley November 2019
      • Prior US Navy Veteran
  • 4. How to Build a Threat Detection Strategy in AWS – Course Introduction
  • 5. Course Introduction
      By the end of this course you should be able to understand:
      • Shared Security Model
      • Introduction to Threat Detection
      • Intrusion Detection Systems, Advanced Threat Detection Systems and other security tools that enable a proactive response to threats
      • Building a Threat Reduction Strategy
      • Cloud Adoption Framework (CAF) Security Perspective Controls
      • AWS GuardDuty Monitoring (Demo)
      • AWS Security Specialty Certification
      • Course Summary
  • 6. How to Build a Threat Detection Strategy in AWS – Did You Know?
  • 7. Did You Know?
      • In a recent eye-opening study, Threat Stack found that 73% of companies have at least one critical security misconfiguration, such as remote SSH open to the entire internet.
      • Most security incidents actually occur because of credential theft (according to the 2018 Verizon Data Breach Investigations Report), not sophisticated zero-day attacks against cloud providers themselves.
  • 8. Did You Know?
      • The AWS S3 bucket name is not a secret, and therefore there are many ways for an attacker to figure it out. Once the attacker figures it out they can steal your data and expose it to unintended viewers.
      • VPC Flow Log entries can be scanned to detect both specific and anomalous attack patterns.
  • 9. How to Build a Threat Detection Strategy in AWS – Shared Security Model
  • 10. Introduction and benefits of AWS security – Shared Security Model
      • Review the shared responsibility model and know what the provider does for security and what the user is responsible for.
  • 11. How to Build a Threat Detection Strategy in AWS – Introduction to Threat Detection
  • 12. How to Build a Threat Detection Strategy in AWS – Threat Detection
      • Threat detection is the process by which you find threats on your network, your systems or your applications.
      • Malware, viruses, phishing, trojans, ransomware, permissioning issues and backdoors are common.
      • APT – the adversary could stay hidden for months or more.
      • Focus on tactics, techniques, and procedures (TTPs).
  • 13. How to Build a Threat Detection Strategy in AWS – Understand what the attackers are after
      • Credentials
      • Financial information
      • Health info/PII
      • Corporate secrets
      • Ransom
      • Revenge or even corporate image harm
  • 14. How to Build a Threat Detection Strategy in AWS – Threat Detection Tools
      • SIEMs
      • IDS
      • Next-generation (NGEN) firewalls
      • Endpoints
      • Cloud brokers
      • Honeypots
      • Analytics
  • 15. How to Build a Threat Detection Strategy in AWS – Intrusion Detection Systems, Advanced Threat Detection Systems and other security tools that enable a proactive response to threats
  • 16. Introduction and benefits of AWS security
      • SIEM – Security Hub
      • Security Service (uses AI) – Macie
      • Security Service (for EC2) – Inspector
      • Compliance Tool – Audit Artifacts
      • DDoS Protection – Shield
      • CloudWatch – Monitoring Tool
      • Others such as HSM, FW Manager, Cognito, etc.
  • 17. Introduction and benefits of AWS security – Diagram: Fortinet
  • 18. Introduction and benefits of AWS security – Diagram: AWS
  • 19. Introduction and benefits of AWS security
  • 20. Introduction and benefits of AWS security
  • 21. Introduction and benefits of AWS security
  • 22. How to Build a Threat Detection Strategy in AWS – Building a Threat Reduction Strategy
  • 23. Introduction and benefits of AWS security – Identify threats
      • Insider
      • Outsider
      • Kill Chain – 6 steps
      • Kill Chain – 5 components (diagram: ISC Congress)
  • 24. How to Build a Threat Detection Strategy in AWS – Cloud Adoption Framework (CAF) Security Perspective Controls
  • 25. Introduction and benefits of AWS security
      • The AWS CAF provides a framework to help you structure and plan your cloud adoption journey and then build a comprehensive approach to cloud computing throughout the IT lifecycle.
      • The CAF provides seven specific areas of focus, or Perspectives: business, platform, maturity, people, process, operations, and security.
      • The Security Perspective captures AWS’s experience working with enterprise customers on their cloud adoption journey.
  • 27. How to Build a Threat Detection Strategy in AWS – AWS GuardDuty Monitoring
  • 28. How to Build a Threat Detection Strategy in AWS – GuardDuty
      GuardDuty analyzes literally billions of events to identify trends, patterns, and anomalies that are recognizable signs that something may be wrong. It receives input from multiple data streams:
      • Several threat intelligence feeds
      • Staying aware of malicious IP addresses and domains
  • 29. How to Build a Threat Detection Strategy in AWS – GuardDuty searches the customer-specified sources:
      • Virtual Private Cloud (VPC) Flow Logs
      • AWS CloudTrail
      • DNS logs
      You can also set a whitelist and a blacklist.
  • 30–33. How to Build a Threat Detection Strategy in AWS – GuardDuty searches the customer-specified sources (same list as slide 29: VPC Flow Logs, AWS CloudTrail, DNS logs; demo screenshots)
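Slide 8 states that VPC Flow Log entries can be scanned for both specific and anomalous attack patterns, and slides 28–29 list the inputs GuardDuty consumes (VPC Flow Logs plus threat-intelligence IP lists, with a whitelist and a blacklist). The following Python scanner is an added example, not code from this deck and not how GuardDuty itself is implemented. It parses default-format version-2 flow log records and raises three kinds of finding: an accepted inbound SSH flow from a public source (the "SSH open to the internet" misconfiguration from slide 7 surfacing in the logs), a peer address on a constructed threat list that is not also on the trusted list, and a source that touches many distinct destination ports (a simple anomaly signal). The account id, ENI id, IP addresses, list contents and every log line are constructed for illustration.

```python
"""Added example: scanning VPC Flow Log records for known-bad and anomalous traffic.

Assumes the default version-2 flow log format (14 space-separated fields):
  version account-id interface-id srcaddr dstaddr srcport dstport protocol
  packets bytes start end action log-status
All sample records, the account id, the ENI id and the IP lists below are
constructed for illustration (RFC 5737 documentation ranges), not real telemetry.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, Iterable, List, Optional, Set, Tuple

PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TCP = 6
SSH_PORT = 22


@dataclass(frozen=True)
class FlowRecord:
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    action: str  # ACCEPT or REJECT


def parse_flow_log(line: str) -> Optional[FlowRecord]:
    """Parse one default-format v2 record. NODATA/SKIPDATA rows carry no
    addresses or ports, so they are skipped rather than mis-parsed."""
    f = line.split()
    if len(f) != 14 or f[0] != "2" or f[13] != "OK" or f[3] == "-":
        return None
    return FlowRecord(f[3], f[4], int(f[5]), int(f[6]), int(f[7]), f[12])


def is_private(addr: str) -> bool:
    """RFC 1918 check; an IPv6 address compares False against these v4 nets."""
    ip = ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def analyze(lines: Iterable[str], blacklist: FrozenSet[str],
            whitelist: FrozenSet[str] = frozenset(),
            scan_threshold: int = 10) -> List[Tuple[str, str, str]]:
    """Return (finding_type, offending_ip, detail) tuples in detection order."""
    findings: List[Tuple[str, str, str]] = []
    ports_by_src: Dict[str, Set[int]] = defaultdict(set)
    for line in lines:
        rec = parse_flow_log(line)
        if rec is None:
            continue
        # 1. Specific pattern: an ACCEPTed SSH flow from a public source means the
        #    security group admits 22/tcp from the internet (slide 7's misconfiguration).
        if (rec.action == "ACCEPT" and rec.protocol == TCP
                and rec.dstport == SSH_PORT and not is_private(rec.srcaddr)):
            findings.append(("PUBLIC_SSH_ACCEPTED", rec.srcaddr, rec.dstaddr))
        # 2. Threat-list match on either peer; the trusted list overrides the threat list.
        for peer, other in ((rec.srcaddr, rec.dstaddr), (rec.dstaddr, rec.srcaddr)):
            if peer in blacklist and peer not in whitelist:
                findings.append(("THREAT_INTEL_MATCH", peer, other))
        # 3. Anomaly input: distinct destination ports touched per source. REJECTed
        #    flows are counted too, because blocked probes are still probes.
        ports_by_src[rec.srcaddr].add(rec.dstport)
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_threshold:
            findings.append(("PORT_SCAN_SUSPECTED", src, f"{len(ports)} distinct dst ports"))
    return findings


# ---- constructed sample data (hypothetical account, ENI and addresses) ----
ACCT = "111122223333"
ENI = "eni-0a1b2c3d4e5f67890"
T0, T1 = "1700000000", "1700000060"


def _rec(src, dst, sport, dport, proto, action, status="OK"):
    return f"2 {ACCT} {ENI} {src} {dst} {sport} {dport} {proto} 10 1500 {T0} {T1} {action} {status}"


NODATA_LINE = f"2 {ACCT} {ENI} - - - - - - - {T0} {T1} - NODATA"
SAMPLE_LINES = [
    _rec("198.51.100.23", "10.0.1.15", 51234, 22, TCP, "ACCEPT"),   # SSH accepted from the internet
    _rec("10.0.2.7", "10.0.1.15", 40001, 22, TCP, "ACCEPT"),        # SSH from a private peer: no finding
    _rec("10.0.1.15", "203.0.113.77", 44321, 443, TCP, "ACCEPT"),   # outbound to a threat-listed IP
    _rec("10.0.1.15", "192.0.2.10", 44322, 443, TCP, "ACCEPT"),     # threat-listed but trusted: no finding
    NODATA_LINE,                                                      # skipped by the parser
] + [_rec("198.51.100.99", "10.0.1.15", 60000 + p, p, TCP, "REJECT") for p in range(1, 13)]

BLACKLIST = frozenset({"203.0.113.77", "192.0.2.10"})
WHITELIST = frozenset({"192.0.2.10"})


def run_sample() -> List[Tuple[str, str, str]]:
    return analyze(SAMPLE_LINES, BLACKLIST, WHITELIST)


if __name__ == "__main__":
    for kind, ip, detail in run_sample():
        print(f"{kind:22} {ip:16} {detail}")
```

On the constructed sample this yields exactly three findings: the public SSH acceptance, the threat-list match on 203.0.113.77, and a suspected scan from 198.51.100.99 (twelve distinct ports, all rejected). The private-to-private SSH flow, the trusted address and the NODATA row produce nothing, which is the point of checking the whitelist and log-status fields before alerting.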
  • 34. AWS GuardDuty – Overview
  • 35. Introduction and benefits of AWS security – AWS Services: Security
      Top 7 AWS Security Services
      • AWS Security Center
      • AWS GuardDuty
      • AWS CloudHSM
      • Amazon Inspector
      • AWS Key Management Service
      • AWS Trusted Advisor
      • AWS CloudTrail
  • 36. Introduction and benefits of AWS security – AWS Security Specialty Exam
  • 37. Introduction and benefits of AWS security
      The AWS Security Specialty exam is really focused on best practices, AWS security services and security controls for workloads on AWS. Exam info is here: https://aws.amazon.com/certification/certified-security-specialty/
  • 38. How to Build a Threat Detection Strategy in AWS – Course Summary
  • 39. How to Build a Threat Detection Strategy in AWS – Threat Detection in AWS: Putting it all together
      • AWS services can be used in a complementary manner to add capability.
      • AWS and security are complementary: the better your security planning is, the more favorable results you should get out of AWS services.
      • AWS has a robust solution set of security-related services.
  • 40. How to Build a Threat Detection Strategy in AWS – Resources
      • AWS Security Products - https://aws.amazon.com/products/security/
      • Security Hub - https://aws.amazon.com/security-hub/
      • Landing Zone - https://aws.amazon.com/solutions/aws-landing-zone/
      • Fortinet - https://www.fortinet.com/products/public-cloud-security/aws.html
  • 41. How to Build a Threat Detection Strategy in AWS – QuickStart Resources: AWS
  • 42. How to Build a Threat Detection Strategy in AWS – Thank you and Questions

Editor's Notes

  1. Also share why they should care knowing this information